dont-commit-log-statements
This may have just accidentally been missed. But, in general, we don't want to commit log statements into the official codebase for a few reasons.
- The first is that it will log out to everyone's browser who uses the application. Every person who visits the website will be able to open the JavaScript console in their browsers and see all of the console log statements.
- If the code is a Node backend, or it is a different language, it will log to the backend server. Meaning that if the server ever got hacked, if the database is encrypted, the hacker won't get access to sensitive information. But they would still be able to see all of the log files that were written and could use that to harm people.
- Legal issues and lawsuits:
- π± Logging PII (personally identifiable information) allows people's identities to be stolen and can get us sued.
- π± Logging billing information violates PCI compliance and can come with severe fines.
- π± Logging PII in a medical context violates HIPPA compliance and carries all of the above issues plus possible jail time in the case of "gross negligence".
If all of that sounds scary, no worries. Normally companies have automatic linters that would reject a pull request with log statements. I just happen to not have set that up yet. π
Referred in
If you think this note resonated, be it positive or negative, send me a direct message on Twitter or an email and we can talk.